Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commitcebf9d6

Browse files
committed
Only superuser can set sslcert/sslkey in postgres_fdw user mappings
Othrwise there is a security risk.Discussion:https://postgr.es/m/20200109103014.GA4192@msg.df7cb.de
1 parent4e514c6 commitcebf9d6

File tree

4 files changed

+31
-1
lines changed

4 files changed

+31
-1
lines changed

‎contrib/postgres_fdw/expected/postgres_fdw.out

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -8898,6 +8898,15 @@ SELECT * FROM ft1_nopw LIMIT 1;
88988898
1111 | 2 | | | | | ft1 |
88998899
(1 row)
89008900

8901+
-- unpriv user also cannot set sslcert / sslkey on the user mapping
8902+
-- first set password_required so we see the right error messages
8903+
ALTER USER MAPPING FOR CURRENT_USER SERVER loopback_nopw OPTIONS (SET password_required 'true');
8904+
ALTER USER MAPPING FOR CURRENT_USER SERVER loopback_nopw OPTIONS (ADD sslcert 'foo.crt');
8905+
ERROR: sslcert and sslkey are superuser-only
8906+
HINT: User mappings with the sslcert or sslkey options set may only be created or modified by the superuser
8907+
ALTER USER MAPPING FOR CURRENT_USER SERVER loopback_nopw OPTIONS (ADD sslkey 'foo.key');
8908+
ERROR: sslcert and sslkey are superuser-only
8909+
HINT: User mappings with the sslcert or sslkey options set may only be created or modified by the superuser
89018910
-- We're done with the role named after a specific user and need to check the
89028911
-- changes to the public mapping.
89038912
DROP USER MAPPING FOR CURRENT_USER SERVER loopback_nopw;

‎contrib/postgres_fdw/option.c

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -159,6 +159,16 @@ postgres_fdw_validator(PG_FUNCTION_ARGS)
159159
errmsg("password_required=false is superuser-only"),
160160
errhint("User mappings with the password_required option set to false may only be created or modified by the superuser")));
161161
}
162+
elseif (strcmp(def->defname,"sslcert")==0||
163+
strcmp(def->defname,"sslkey")==0)
164+
{
165+
/* similarly for sslcert / sslkey on user mapping */
166+
if (catalog==UserMappingRelationId&& !superuser())
167+
ereport(ERROR,
168+
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
169+
errmsg("sslcert and sslkey are superuser-only"),
170+
errhint("User mappings with the sslcert or sslkey options set may only be created or modified by the superuser")));
171+
}
162172
}
163173

164174
PG_RETURN_VOID();

‎contrib/postgres_fdw/sql/postgres_fdw.sql

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2567,6 +2567,7 @@ SELECT * FROM ft1_nopw LIMIT 1;
25672567
-- Unpriv user cannot make the mapping passwordless
25682568
ALTERUSER MAPPING FORCURRENT_USER SERVER loopback_nopw OPTIONS (ADD password_required'false');
25692569

2570+
25702571
SELECT*FROM ft1_nopwLIMIT1;
25712572

25722573
RESET ROLE;
@@ -2579,6 +2580,12 @@ SET ROLE regress_nosuper;
25792580
-- Should finally work now
25802581
SELECT*FROM ft1_nopwLIMIT1;
25812582

2583+
-- unpriv user also cannot set sslcert / sslkey on the user mapping
2584+
-- first set password_required so we see the right error messages
2585+
ALTERUSER MAPPING FORCURRENT_USER SERVER loopback_nopw OPTIONS (SET password_required'true');
2586+
ALTERUSER MAPPING FORCURRENT_USER SERVER loopback_nopw OPTIONS (ADD sslcert'foo.crt');
2587+
ALTERUSER MAPPING FORCURRENT_USER SERVER loopback_nopw OPTIONS (ADD sslkey'foo.key');
2588+
25822589
-- We're done with the role named after a specific user and need to check the
25832590
-- changes to the public mapping.
25842591
DROPUSER MAPPING FORCURRENT_USER SERVER loopback_nopw;

‎doc/src/sgml/postgres-fdw.sgml

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -130,7 +130,7 @@
130130
</listitem>
131131
<listitem>
132132
<para>
133-
<literal>sslkey</literal> and <literal>sslpassword</literal> - these may
133+
<literal>sslkey</literal> and <literal>sslcert</literal> - these may
134134
appear in <emphasis>either or both</emphasis> a connection and a user
135135
mapping. If both are present, the user mapping setting overrides the
136136
connection setting.
@@ -139,6 +139,10 @@
139139
</itemizedlist>
140140
</para>
141141

142+
<para>
143+
Only superusers may create or modify user mappings with the
144+
<literal>sslcert</literal> or <literal>sslkey</literal> settings.
145+
</para>
142146
<para>
143147
Only superusers may connect to foreign servers without password
144148
authentication, so always specify the <literal>password</literal> option

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp